Tails v1.0: One Linux Distro Among Many for Secure Communications


Tails linux distro logoTails, short for “The Amnesic Incognito Live System,” came to the world’s attention last month when the Freedom of the Press Foundation revealed that Edward Snowden used a beta version of the Linux distribution to securely communicate with reporters. Now, the same highly secure distro used by Snowden to leak NSA materials has been released as version 1.0 under an open GPLv3 license.

Tails’ first line of defense against snoopers is the fact that it’s a “live” OS, designed to boot up and run entirely from a USB drive, DVD, or SD card. The distribution is said to leave no trace on the host computer. There’s a long tradition of live Linux distributions dating back over a decade with distros such as Knoppix.

Tails’ second line of defense is that it uses the open source Tor anonymity network for web surfing and communications. Tor has become increasingly popular among journalists, dissidents, privacy advocates, spies, criminals, terrorists, and others who want to keep their online behavior anonymous. Developed by the U.S. Navy, Tor generates a complex network of virtual tunnels to hide IP addresses from prying eyes.

Finally, Tails supplies security tools including OpenPGP encryption, KeePassX password management, LUKS disk encryption, and Off-the-Record (OTR) encrypted chat. These and other applications like the Pidgin IM client and Claws email client, have been tweaked for security, privacy, and anonymity. For example, Firefox is configured with the HTTPS Everywhere extension from the Electronic Frontier Foundation (EFF). A virtual keyboard helps protect against hardware keyloggers.

Tails also ships with basic productivity tools such as Audacity, GIMP, and OpenOffice. Yet, as Wired recently noted, Tails is not intended as an everyday OS. “That’s because over the course of day-to-day use, you’re likely to use one service or another that could be linked with your identity, blowing your cover entirely,” says the story.

Tails has been five years and 36 stable releases in the making, if you include the Amnesia distro it evolved from. Both Amnesia and Incognito, the Debian distro Amnesia was based on, have been merged into Tails.

More anonymous open source Linux projects

Although Tails is a fairly transparent open source project, its inventors are keeping incognito, much like Bitcoin. While this has led to suggestions that Tails could be a secret NSA plot, Wired points to Snowden’s support of the project, as well as one Snowden leak that reveals an NSA slide deck complaining about Tails. In addition, the open source nature of the OS means that it should be more difficult to hide backdoor code.

Indeed, there have been a growing number of open source projects for anonymous computing that have launched or gained more attention since Snowden’s leaks about the NSA’s extensive cyber-spying. Open source anonymity projects include the Citizen Web Project’s Arch Linux based ArkOS distro, initially available on the Raspberry Pi. There’s also a non-profit LEAP Encryption Access Project that offers a Linux-compatible, secure client called Bitmask.

Runners-up for the Access 2014 Endpoint Security Prize, which was won by Tails, includes Open Whisper Systems, which offers GPLv3-licensed tools for Android, including its RedPhone end-to-end voice encryption application. Another runner-up is the desktop-oriented Qubes OS distribution, based on Linux, Xen, and X Window.

Tails’ website points to a number of related projects, including the Debian-based Whonix distro, which incorporates Tor as well as an isolated secure workspace. Tails also lists live Linux distributions like Freepto and JonDo Live-CD/DVD, as well as a distro called IprediaOS, which offers encrypted and anonymized messaging tools for the desktop.

Tails also lists a military-focused Lightweight Portable Security Linux thin client that appears more concerned with protecting the DoD from cyber-terrorism than homegrown NSA snooping. Even the Chinese government is looking to Linux to protect itself from unwarranted snooping. The government-linked Chinese Academy of Sciences is reported to be working on a secure, Linux-based OS called China Operating System (COS) to protect China from NSA snoops. 

On the hardware side, Pogoplug has launched a $49, Linux-based Safeplug router peripheral that runs all communications over Tor. One of the higher profile, but not quite so open source, hardware efforts is SGP Technologies’ Blackphone. This smartphone collaboration between Firefox OS phone vendor Geeksphone and Silent Circle, a cryptography firm that includes PGP creator Phil Zimmermann, offers anonymization via a VPN, as well as encrypted applications like Silent Mail secure email.

Earlier this week, SGP released specs for the Blackphone, which will ship in June for $629. The unlocked, 4.7-inch GSM smartphone runs a homegrown, Android-based OS called PrivatOS on Nvidia’s new quad-core Tegra 4i processor.

One problem with most of this Paranoiaware is that it tends to be difficult to set up and use on a regular basis, thereby effectively limiting encrypted communications to other technologically adept, privacy-minded folks. On a practical level, this likely means running two different distributions, or at least using separate processes for conducting communications.

While many of your friends or family members may refuse to encrypt, terrorists and criminals will be highly motivated to spend the time and effort. It’s not a small price we pay for online privacy, but considering the potential for abuse, or even totalitarian control, that could occur when corporations and governments spy on citizens, it seems worth paying.

More information and links to downloads may be found at the Tails website. The project needs donations and volunteers.